Tips and Tricks HQ Support

Support site for Tips and Tricks HQ premium products

mod_rewrite problems

by

Tips and Tricks HQ Support Portal Forums WP eStore Forum WP eStore Troubleshooting mod_rewrite problems

Tagged: ,

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • January 26, 2011 at 12:31 am #2570
    affiliatepro
    Member

    I’m installing the cart on a site and after working on it for a few minutes the browser went blank and wouldn’t load my site, I couldn’t access the wp-admin either.

    I contacted gvocom.com where the hosting is through and they said

    quote:

    your ip got blocked due to mod_security reason. It seems the method you are using in your site is against the policy set in the server and caused the block.

    Please check with your developer for the correct usage. It looks like it’s in the wp-cart under file “wp-cart-for-digital-products/lib/jquery.cookie.js”

    If not our server admin can disable mod_security for your domain. But the second

    method is not a good practice.

    unquote

    Any ideas why this would be happening?

    Thanks

    January 26, 2011 at 1:50 am #28405
    affiliatepro
    Member

    I just got this back from GVO support…. has something to do with cart..

    Here’s the info they sent me…

    Hello,

    I have removed the block now. You will be able to access the site now. It seems the method you are using in your site is against the policy set in the server and caused the block. Following was there in the modsecurity logs which caused the block.

    [Tue Jan 25 17:20:28 2011] [error] [client 71.199.4.124] ModSecurity: Access denied with code 406 (phase 2). Pattern match “(?:b(?:(?:type\b\W*?\b(?:text\b\W*?\b(?:j(?:ava)?|ecma|vb)|application\b\W*?\bx-(?:java|vb))script|c(?:opyparentfolder|reatetextrange)|get(?:special|parent)folder|iframe\b.{0,100}?\bsrc)\b|on(?:(?:mo(?:use(?:o(?:ver|ut)|down|move|up)|ve)|key(?:press|d …” at REQUEST_FILENAME. [file “/usr/local/apache/conf/modsec2.user.conf”] [line “117”] [id “950004”] [msg “Cross-site Scripting (XSS) Attack”] [data “.cookie”] [severity “CRITICAL”] [tag “WEB_ATTACK/XSS”] [hostname “antiques-furniture-collectables.info”] [uri “/wp-content/plugins/wp-cart-for-digital-products/lib/jquery.cookie.js”] [unique_id “TT9avAzMpLIAAFfVM5EAAAAj”]

    Please check with your developer for the correct usage.

    Any way to fix this? What does “Web Attack” mean?

    Thanks

    January 26, 2011 at 4:09 am #28406
    wpCommerce
    Moderator

    Please have a look at the following post which will explain this-

    https://support.tipsandtricks-hq.com/forums/topic/xss-attack-caused-by-wp-cart-for-digital-productslibjquerycookiejs

    There is a workaround for it in the recent version of the plugin. You can get a recent build from here –

    https://support.tipsandtricks-hq.com/update-request

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.